search

cloudfoundry / diego-release

BOSH Release for Diego
Apache License 2.0
201 stars 213 forks source link

Bump github.com/nats-io/nats-server/v2 from 2.10.3 to 2.10.4 in /src/code.cloudfoundry.org #846

Closed dependabot[bot] closed 10 months ago

dependabot[bot] commented 10 months ago

Bumps github.com/nats-io/nats-server/v2 from 2.10.3 to 2.10.4.

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.10.4

Changelog

Refer to the 2.10 Upgrade Guide for backwards compatibility notes with 2.9.x.

CVEs

  • CVE-2023-46129 - nkeys: xkeys seal encryption used fixed key for all encryption

Go Version

  • 1.21.3

Dependencies

  • github.com/nats-io/nats.go v1.31.0
  • github.com/nats-io/nkeys v0.4.6
  • github.com/klauspost/compress v1.17.2
  • golang.org/x/crypto v0.14.0
  • golang.org/x/sys v0.13.0

Added

JetStream

  • Report Raft group name in stream and consumer info responses (#4661)

MQTT

  • Add config options to disable QoS 2 support (#4705)

TLS

  • Add opt-in TLS handshake first for client connections (#4642)

Improved

Dependencies

  • Remove unnecessary constraints dependency for ordered constraint (#4709) Thanks to @​misterpickypants for the contribution!

JetStream

  • Add internal pprof labels as metadata to the stream config for improved debuggability (#4662)
  • Stricter management of Raft state, which should improve recovery from a leaderless state (#4684)
  • Avoid unnecessary reallocations when writing the full filestore state to disk (#4687)
  • Improve recovery of blocks that are being updated midway (#4692)
  • Recycle filestore buffers on rebuild and write out full state prior to snapshotting (#4699)
  • Extend AckTerm advisory event to support a reason (#4697)
  • Improve time to select skip list and starting sequence number for deliver last by subject (#4712, #4713) Thanks to @​StanEgo for the report!
  • Optimize loading messages on last by subject if max messages per subject is one (#4714)

MQTT

  • No longer require a server name to be set for a standalone server (#4679)

Routes

  • Remove unnecessary account lookups for pinned accounts (#4686)
  • Upgrade non-solicited routes if present in config (#4701, #4708)

Systemd

... (truncated)

Commits
  • abc47f7 Release v2.10.4 (#4715)
  • 5d561d2 Bump to 2.10.4-RC.4
  • 3d88cac Merge commit 'dfe1721' into release/v2.10.4
  • dfe1721 [IMPROVED] Optimize on last by subject if mmps is one (#4714)
  • 85784a3 Only load msgs if mb.fss has been evicted.
  • c999177 If we have deliver last by subject and max msgs per subject of 1, we can shor...
  • 86452ff Bump to 2.10.4-RC.3
  • 923ef90 Merge commit '9edecc8' into release/v2.10.4
  • 9edecc8 Make sure if we have lots of subjects to fallback to subjects state (#4713)
  • e0ae88c Make sure if we have lots of subjects to fallback to subjects state vs get last.
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 10 months ago

Looks like github.com/nats-io/nats-server/v2 is up-to-date now, so this is no longer needed.